Cybersecurity experts have alerted Netflix users against an SMS phishing campaign being used to steal account and credit card information. Hackers are sending this phishing text, claiming the concerned person has not paid for their subscription and that their account will be suspended soon, the New York Post reported.

“These SMS scare campaigns targeting Netflix customers have become ubiquitous and never stop, but they vary in size and scope,” said security firm Bitdefender. 

“NETFLIX: There was an issue processing your payment. To keep your services active, please sign in and confirm your details at…” reads one such alert. There is a link that directs viewers to a website that looks identical to the Netflix platform and asks for their credit card number and login credentials.

These stolen credentials are sold to underground rings on the dark web.

Netflix’s lack of two-factor authentication protections has made the scam easier to spread in as many as 23 countries, including the US. The streaming platform is vulnerable to spear phishing as it only relies on usernames and passwords for security. 

Netflix, in a statement about the text messages scam, said, “We will never ask you to enter your personal information in a text or email. We will never request payment through a 3rd party vendor or website. If the text or email links to a URL that you don’t recognize, don’t tap or click it.” 

If you have already clicked any of these links, the streaming giant suggests changing your Netflix password to a new one that is strong and unique. It also suggests updating your password on any other websites or apps where you used the same email and password combination.

Bitdefender, a cybersecurity firm, advises users to avoid opening suspicious links and manually enter websites rather than clicking links without verifying in order to prevent falling for scams.